Password forgetting
This chapter introduces how to deal with the loss of the Console port. It is recommended that the user keep the password properly and modify it regularly.
Restore Console port password
The device provides the following methods to recover the Console port password.
• method 1: log in to the device through STelnet/Telnet and modify the Console port password. (recommended)
• method 2: configure and clear the Console port password under BootROM, and modify the Console port password after startup.
• method 3: under the BootROM menu, cancel the setting of the next boot configuration file, and modify the Console port password after the device starts with an empty configuration.
Method 1: log in to the device through STelnet/Telnet and modify the Console port password.
For the command line and echo information involved below, take the modification of Console port password by STelnet login device as an example. If the user has a STelnet account and has level 3 or higher permissions, you can log in to the device through STelnet, modify the Console port password, and then save the configuration.
1. Log in to the device with the STelnet account and confirm that the current account has level 3 or higher permissions.
Use the display users command to view all logged in users of the current device. The "+" mark indicates the current user, and the corresponding number VTY1 is recorded.
<HUAWEI> display users User-Intf Delay Type Network Address AuthenStatus AuthorcmdFlag 129 VTY 0 00:23:36 TEL 10.135.18.67 pass no Username : Unspecified + 130 VTY 1 01:20:36 TEL 10.135.18.91 pass no Username : Unspecified 131 VTY 2 00:00:00 TEL 10.135.18.54 pass no Username : Unspecified
Use the display user interface command to display the permissions of all users, determine that the corresponding level of VTY1 is 15, and have the permission to modify the Console port password.
<HUAWEI> display user-interface Idx Type Tx/Rx Modem Privi ActualPrivi Auth Int 0 CON 0 9600 - 15 - P - + 129 VTY 0 - 15 15 P - + 130 VTY 1 - 15 15 P - + 131 VTY 2 - 15 - P - 132 VTY 3 - 15 15 P - ......
2. Modify the password of the Console user to change it to password authentication, and the password is“ huawei@123 ”For example.
<HUAWEI> system-view [HUAWEI] user-interface console 0 [HUAWEI-ui-console0] authentication-mode password [HUAWEI-ui-console0] set authentication password cipher huawei@123 [HUAWEI-ui-console0] return
3. To prevent configuration loss after restart, save the configuration.
<HUAWEI> save The current configuration will be written to the device. Are you sure to continue?[Y/N]y Now saving the current configuration to the slot 0. Save the configuration successfully.
Method 2: clear the Console port password under BootROM and modify the Console port password after logging in.
The BootROM of the device provides the function of clearing the password of the Console port, which can skip the password check when the user logs in using the Console port. In this way, after the system is started, all configuration loads will be completed as usual, except that the Console password does not need to be entered. After the device is started, reconfigure the authentication method and Console port password, and then save the configuration.
be careful:
• to enter the BootROM menu, you need to restart the device, which will lead to business interruption. Please backup the device according to the specific situation, and try to choose a time with less business.
• clear the Console port password. Please configure a new password immediately after logging in.
• do not power down the equipment during this operation.
1. Connect the device with serial port cable and restart. When "Press Ctrl+B to enter BootROM menu..." (V200R002 and V200R003 versions) or "Press Ctrl+B or Ctrl+E to enter BootROM menu..." (V200R005 and later versions) when printing information, press "Ctrl+B" or "Ctrl+E" and type in the password (the default is“ Admin@huawei.com ”, the version before V100R006C03 may be "Huawei"), and enter the BootROM main menu.
2. Clear the Console login password.
BootROM MENU
1. Boot with default mode
2. Enter serial submenu
3. Enter startup submenu
4. Enter ethernet submenu
5. Enter filesystem submenu
6. Modify BootROM password //V200R006 and earlier: Modify BootROM password V200R007 and later: Enter password submenu
7. Clear password for console user
8. Reboot
(Press Ctrl+E to enter diag menu)
Enter your choice(1-8): 7
Note: Clear password for console user? Yes or No(Y/N): y
Clear password for console user successfully. Choose "1" to boot, then set a new password.
Note: Do not choose "8. Reboot" or power off the device, otherwise this operation will not take effect.
3. According to the prompt of the device, select "1" under the BootROM main menu to start the device.
4. After the system is started, authentication is not required when logging in through the Console port. After logging in, configure the Console port password to change to password authentication and change the password to“ huawei@123 ”For example.
<HUAWEI> system-view [HUAWEI] user-interface console 0 [HUAWEI-ui-console0] authentication-mode password [HUAWEI-ui-console0] set authentication password cipher huawei@123 [HUAWEI-ui-console0] return
5. To prevent configuration loss after restart, save the configuration.
<HUAWEI> save The current configuration will be written to the device. Are you sure to continue?[Y/N]y Now saving the current configuration to the slot 0. Save the configuration successfully.
Method 3: in the BootROM menu, cancel the setting of the next boot configuration file, and modify the Console port password after the device starts with an empty configuration.
Cancel the setting of the next boot configuration file under BootROM, and the device will start with an empty configuration (factory configuration). After startup, export the original configuration file and manually modify the configuration of Console login. Upload the modified configuration file to the device again. Configure the device to start with the modified configuration file. The restarted device will not need to enter the Console login Password. (the following example takes the Password authentication configured under the Console as an example, and other authentication methods are subject to the actual situation of the equipment.)
Note:
• to enter the BootROM menu, you need to restart the device, which will lead to business interruption. Please backup the device according to the specific situation, and try to choose a time with less business.
• do not power down the equipment during this operation.
• the Console port of V200R010 and later versions is AAA Authentication by default. If the authentication mode is not modified after the empty configuration is started, configure the device to delete the configuration file after the authentication mode. When starting, the device after restart needs to enter the default user name admin and password admin@huawei.com , the echo in this case shall be subject to the actual display of the equipment.
1. Connect the device with the serial port cable and restart it. When "Press Ctrl+B to enter BootROM menu..." (V200R002 and V200R003 versions) or "Press Ctrl+B or Ctrl+E to enter BootROM menu..." (V200R005 and later versions) when printing information, press "Ctrl+B" or "Ctrl+E" and type in the password (the default is“ Admin@huawei.com ”, the version before V100R006C03 may be "Huawei") and then enter the BootROM main menu.
2. Clear the startup configuration file to enable the device to start with an empty configuration.
BootROM MENU
1. Boot with default mode
2. Enter serial submenu
3. Enter startup submenu
4. Enter ethernet submenu
5. Enter filesystem submenu
6. Modify BootROM password //V200R006 and earlier: Modify BootROM password V200R007 and later: Enter password submenu
7. Clear password for console user
8. Reboot
(Press Ctrl+E to enter diag menu)
Enter your choice(1-8): 3
Startup Configuration Submenu
1. Display startup configuration
2. Modify startup configuration
3. Return to main menu
Enter your choice(1-3): 2
Note: startup file field can not be cleared
'.'=clear field; =quit; Enter=use current configuration
startup type(1: Flash)
current: 1
new :
Flash startup file (can not be cleared)
current: HUAWEI-v200r008c00.cc
new :
saved-configuration file
current: vrpcfg.zip
new : . //Clear current value
patch package
current:
new :
Startup Configuration Submenu
1. Display startup configuration
2. Modify startup configuration
3. Return to main menu
Enter your choice(1-3): 3
3. Select "1" under the BootROM main menu to start the device.
4. After the system is started, the equipment will return to the factory configuration. When V200R009 and earlier versions log in through the Console port, they will be prompted to set the Console port password, which is the password“ huawei@123 ”For example.
An initial password is required for the first login via the console. Continue to set it? [Y/N]:y Set a password and keep it safe. Otherwise you will not be able to login via the console. Please configure the login password (8-16) Enter Password: //input huawei@123 Confirm Password: //Enter again huawei@123
When V200R010 and later versions log in through the Console port, they will be prompted to enter the default user name and password of the Console port, and then they will be prompted to change the password. At this time, the password must be changed, and the password is the default password“ huawei@123 ”For example.
Login authentication
Username:admin
Password: //input admin@huawei.com
Warning: The default password poses security risks.
The password needs to be changed. Change now? [Y/N]: y
Please enter old password: //input admin@huawei.com
Please enter new password: //input huawei@123
Please confirm new password: //Enter again huawei@123
The password has been changed successfully.
5. Restore the original configuration. The current device is the default factory configuration. If you want to restore the original configuration of the device and do not want to keep the configuration about the Console password in the original configuration file, you can download the original configuration file to the PC, manually delete the configuration under the Console, upload it to the device, specify it as the next startup file, and restart the device.
a. Configure the device as an FTP server.
<HUAWEI> system-view [HUAWEI] ftp server enable Info: The FTP server is already enabled. [HUAWEI] vlan 10 [HUAWEI-vlan10] interface vlanif 10 //Configure VLANIF10 as the management interface. [HUAWEI-Vlanif10] ip address 10.110.24.254 24 [HUAWEI-Vlanif10] quit [HUAWEI] interface gigabitethernet 0/0/10 //GE0/0/10 refers to the physical interface number between the PC logging in to the Switch using the Web network management and the Switch. Please select it according to the actual network situation. [HUAWEI-GigabitEthernet0/0/10] port link-type access [HUAWEI-GigabitEthernet0/0/10] port default vlan 10 [HUAWEI-GigabitEthernet0/0/10] quit [HUAWEI] aaa [HUAWEI-aaa] local-user huawei password irreversible-cipher huawei@123 [HUAWEI-aaa] local-user huawei ftp-directory flash: [HUAWEI-aaa] local-user huawei service-type ftp [HUAWEI-aaa] local-user huawei privilege level 15
b. download the original configuration file vrpcfg Zip to PC.
C:\Documents and Setting\Administrator> ftp 10.110.24.254 Connect to 10.110.24.254. 220 FTP service ready. user (10.110.24.254:(none)): huawei 331 Password required for huawei. password: 230 User logged in. ftp> get vrpcfg.zip 200 Port command okay. 150 Opening ASCII mode data connection for directory list. 226 Transfer complete. ftp: 981 bytes received, time 0.01 981000 seconds.00 Kilobyte/second.
c. after decompression on the PC, use the text editing tool (it is recommended to use the text editing tool provided by the system) to open and delete the Console port authentication configuration, and then compress it into vrpcfg Zip file. The configurations to be deleted are as follows:
# user-interface maximum-vty 15 user-interface con 0 authentication-mode password //Manual deletion required set authentication password cipher %@%@:*IB+w7j~""GlU$0-;\#m@Jw %@%@/ / need to delete manually # user-interface con 0 authentication-mode aaa //Manual deletion required user privilege level 15 //Manual deletion required
6. After saving the modified configuration file, upload it to the device to replace the original configuration file.
ftp> put vrpcfg.zip 200 Port command okay. 150 Opening ASCII mode data connection for directory list. 226 Transfer complete. ftp: Send 981 bytes, time 0.00Seconds 978000.00 Kilobyte/second.
7. Set the modified configuration file as the next startup configuration file, and choose not to save the configuration to restart the device.
<HUAWEI> startup saved-configuration vrpcfg.zip Info: Succeeded in setting the configuration for booting system. <HUAWEI> reboot fast System will reboot! Continue ? [y/n]:y
8. After restarting, you will be reminded to set the Console login password again. After entering a safe and convenient password, press enter to enter the command line interface.